Bloggers beat clickjackers

Those of us concerned about internet security enough to write about it on a regular basis usually frame our stories as “hackers vs. internet security professionals.” It’s a good story, and one that obviously happens all the time. Hackers and security professionals are essentially two sides of the same tech-savvy coin. Hackers, in fact, have even been divided into two categories to describe where they stand. Black hat hackers promote viruses, clickjacks, malware, et cetera. White hat hackers dabble in these technological arts to stop malware from spreading.

Bloggers, however, might not be giving ourselves a large enough role in the story. We often think of ourselves as reporters standing on the side lines. We’re not part of the action, we’re just noting the plays.

What we do, though, can involve some level of activism in favor of improved internet security. When we write about the latest clickjack spreading through Facebook, we warn people to avoid the scam. This inevitably means that we are part of the action. Why pretend otherwise?

Here’s a good example of how bloggers combat hackers. Recently a website named “Busty Bartenders” was found to use a likejack attack that hid a Facebook like button underneath the main page. Clicking anywhere on the page unleashed a script telling Facebook that you “like” the page, thus sharing the page with your friends. Instantly viral, right?

Not necessarily. Once bloggers learned about this clickjack attack, they started posted information on their sites and Facebook pages warning people to avoid Busty Bartenders. This had a very real effect on the website. Within a few days, the clickjack was taken away. Now you can find an authentic like button there instead of one hidden out of sight in an iframe.

Sure, the score is still tilted in the hackers’ favor. Clickjacks are all over the internet. But bloggers should recognize that we have done some good. And we have the capacity to do even more by focusing on the latest clickjacking attacks and letting everyone know about them.

After all, if a clickjack can go viral, so can our warning. Although we might need to promise images of busty women serving up powerful beverages to really compete.